Six months ago I thought Spanning Tree was a California Merlot,” jokes Ed Davis, vice president of marketing for Somerset, N.J.-based IP video and fiber product manufacturer American Fibertek, in reference to an Ethernet protocol used to create a self-healing ring.

But although Davis’s comment was made in jest, the feeling he describes of being bewildered by networking technology and terminology or misunderstanding it entirely is one security integrators may encounter as they begin to install video, access control and other systems that use Ethernet for connectivity.

Security integrators will most likely need to purchase their own switches and routers when the security system is being installed on its own dedicated network that is separate from the customer’s information technology (IT) network.

But even in that situation, communications with IT are critical, notes Lance Holloway, director of technology strategy for Stanley Convergent Security Solutions, a security integrator headquartered in Naperville, Ill.

“They may have a box in mind and may want to run their own Cat 5 cable,” observes Holloway.

Other customers may rely on the integrator to make the networking equipment decisions.

Typically a security network will be based on switches, rather than routers. Integrators should know that switches operate at Layer 2 of the seven-layer Open Systems Interconnection (OSI) model, which essentially means that they are capable of sending communications between devices on the network but are not capable of directing traffic to other networks. That capability is known as Layer 3, or router, functionality and typically it’s required on the device that connects the security network — and possibly also the client’s IT network — to the Internet or another wide area data network connection.

When selecting one or more switches for the client’s security network, critical decisions that must be made include the number of ports and operating speeds of those ports, whether the switch must support power over Ethernet (PoE) capability, and whether to use a managed or unmanaged switch.

The ports on Ethernet switches typically have the designation 10/100 or 10/100/1000. A port with the designation 10/100 can operate at either 10 Mb/s or 100 Mb/s, depending on the device to which it is connected. A 10/100/1000 port can operate at either of those speeds or at 1 Gb/s, which is 10 times faster than a 100 Mb/s connection.

Integrators also need to make sure that the total amount of data that could be transmitted on the network at one time does not exceed the throughput of the switch. This is particularly critical when multiple megapixel cameras are used, as they require large amounts of bandwidth.

In considering how many ports are needed for an installation, integrators not only must consider how many devices will be attached to the network but also how far away each device will be from the switch and whether the device will be connected over copper twisted pair wiring based on the Category 5 standard or over fiber (see sidebar on page 72).

Ethernet standards call for devices to be placed no more than 100 meters from the switch when Category 5 wiring is used. If some devices are more than 100 meters away, the integrator will either need to use a repeater for each device that exceeds the 100-meter limit or connect an additional switch to the first one and then connect the more distant devices to the second switch.

Davis notes that distributors rarely sell switches with more than 24 ports for security installations. By way of explanation he asks, “How many cameras can you put in a 100-meter area?”

Power over Ethernet

The decision whether or not to use a switch that supports PoE depends on the devices to which it will be attached. IP cameras often are built to use PoE, which means that the twisted-pair wiring from the switch carries not only networked system information and video but also carries power. This capability simplifies installations by eliminating the need to locate cameras near an electrical outlet.

It’s important to note, though, that there are two PoE standards, both of which are part of the 802.3 series of Ethernet standards from the Institute of Electrical and Electronic Engineers (IEEE). As Chad Szekeres, national sales manager for Rolling Meadows, Ill.-based manufacturer Nitek explains, the 802.3af standard pertains to PoE capabilities of 48 VDC and 15.4 watts. The 802.3at standard, sometimes known as PoE-plus, operates at 54 VDC and 25.5 watts, Szekeres says.

Not every manufacturer has built PoE-type devices to these standards, however. Integrators should check an IP camera’s specifications closely. If the product uses a type of PoE that does not conform to the standards, the integrator will need to use a specific PoE-type inserter, which is installed between a non-PoE switch port and the camera to provide the appropriate power to the camera. PoE inserters also are an option for standards-compliant PoE devices when used with a non-PoE switch.

Integrators also should closely read the switch manufacturer’s specs, notes Don Phillippe, director of education for Carol Stream, Ill.-based networking equipment distributor Communications Supply Corp. A switch that supports the “af” standard, for example, may not provide the full power to every port but instead the power may be shared among ports.

“802.3af Type 1 is 15.4 watts per channel,” Phillippe observes.

While most of the options we have discussed are fairly complex and high tech, another important consideration is more basic, but no less important.

If a switch is going to be installed in harsh conditions, including areas that may be subject to temperature extremes, the integrator should use a ruggedized switch suitable for those conditions.

Managed or Unmanaged?

Another critical decision that integrators must make is whether to use a managed or unmanaged switch. A managed switch typically is more costly than an unmanaged switch but has the ability to monitor itself and automatically send email alerts to appropriate personnel in the event that certain performance thresholds are exceeded—such as when connectivity is lost or bandwidth exceeds a certain percentage of capacity.

An important question is “Who will support the network?” observes Vince Ricco, senior network consultant for Bothell, Wash.-based networking equipment manufacturer Allied Telesis. “The user may want a management system or the integrator may be maintaining the system and may want the ability to set triggers and traps.”

A managed switch is also required or highly recommended in certain circumstances, including when the installation requires multicasting, the ability to prioritize certain types of traffic by using quality of service (QoS) capability, virtual local area networks (VLANs), or a ring implementation. We’ll cover each of these capabilities in more detail.

Multicasting is a capability integrators will want to consider if video is streamed in real time to multiple destinations. The goal of multicasting is to minimize the amount of traffic on the network by eliminating the need to send duplicate streams to the various destinations. Instead, a single stream is sent to a common network location, with individual streams sent only over the final portion of the data path to each end user.

Quality of service assigns different priorities to different types of traffic with the goal of ensuring that real-time traffic such as streaming video has sufficient bandwidth and low enough latency to be properly viewed. Most of the people interviewed for this article say QoS typically isn’t required on a dedicated security network but that it could be useful when security devices are connected to the customer’s IT network or there is a possibility that the network will be shared in the future.

“Nobody knows for sure what the future holds,” comments Craig Deyoe, project designer for Albany, N.Y.-based security integrator SI Technologies. “It’s better to sell them something that will do everything they could possibly need it to do.”

When a network includes VLANs, the installer essentially creates two or more logical networks from a single switch by assigning individual ports to different VLANs. Devices connected to one VLAN cannot communicate with devices on another VLAN unless they go through a router. This eliminates the need to use multiple switches to create logically separate networks.

A ring implementation is a method of giving the network self-healing capability in the event of a break in a connection or the failure of a switch. To support this, two managed switches are interconnected across two separate paths to create a transport ring. If either switch fails or if one of the transmission paths is broken, traffic is rerouted to continue service on the ring. The Spanning Tree that American Fibertek’s Davis joked about is one of the protocols used for ring implementation.

It remains a great example. What you don’t know when you first start can be corrected. Keep learning, and it will all come together. Using the Ethernet may seem complex at first, but soon enough, like Davis, you’ll get able to tell a Spanning Tree protocol from a California Merlot — and so much more.

When a Client Goes Green

The green movement has not had a big impact on security networks, in large part because switches and routers draw relatively small amounts of power, minimizing their impact on the environment.

But some of the nation’s largest corporations have established goals of reducing their carbon footprint by a certain percentage within a certain number of years, and occasionally such concerns may find their way into the specifications for security projects for these companies.

One thing integrators can do to minimize the environmental impact of the equipment used in security networks is to select products meeting requirements of the Restriction of Hazardous Substances (ROHS) Directive, which restricts the use of six hazardous materials in the manufacture of various types of electronic and electrical equipment. Although these requirements apply only in Europe, networking devices supporting these requirements are available in the United States.

Another option that may be appropriate in certain environments is to use networking equipment that is convection cooled, eliminating the need to power a fan, notes Jim Krachenfels, marketing manager for GarrettCom, a Belden brand, a Fremont, Calif.-based networking equipment manufacturer.